AI Security Review
scanned 36m ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is an op0 CLI that performs documented, user-invoked network operations and optional transcript pairing with redaction.
Decision evidence
public snapshot- package.json has no preinstall/install/postinstall lifecycle scripts; only bin op0 -> bin/op0.mjs
- bin/op0.mjs network calls are user-invoked op0 commands to op0/usectx hosts, not import/install-time execution
- bin/op0.mjs child_process use is limited to user-invoked eject git init and dev npx wrangler dev
- bin/pair.mjs tails Claude transcript only when user runs op0 pair; --install-hooks explicitly prints a stub and writes nothing
- lib/pair-core.mjs redacts common secrets, denies .env/secrets path payloads, hashes tool inputs/results, and caps payload size
- No eval/vm/dynamic require/native binary loading or credential harvesting beyond documented login/session config
Source & flagged code
4 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/op0.mjsView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
bin/op0.mjsView on unpkg · L13Package source invokes a package manager install command at runtime.
bin/op0.mjsView on unpkg · L374